Half of all businesses would pay off cyber criminals to avoid GDPR fines


Almost half of all business IT directors would hand over money to cyber hackers in order to avoid the costly fines that come with falling foul of the General Data Protection Regulation (GDPR).

According to a new survey conducted by digital security company Sophos, some 47% would ‘definitely’ be willing to hand over a ransom if it meant avoiding reporting the breach to authorities. Likewise, another 30% said that they would consider paying off the cyber criminals.

Just one in five ruled out paying a ransom altogether.

The survey found those less likely to pay a ransom were small businesses. More than half of respondents from companies with fewer than 250 employees said that they would pay up. Likewise, only one in 10 from companies with 500–750 employees would consider paying a ransom.

This is probably down to the consequences of breaching GDPR, which are likely to be far more costly for larger businesses. Under the new laws, businesses found to have failed to protect customer data face a fine of up to €20m or 4% of global annual turnover, whichever is greater, meaning that big businesses face paying much larger amounts than cyber attackers would likely demand.

“Don’t pay the ransom”

However, according to Adam Bradley, UK managing director at Sophos, this shows that businesses “misunderstand the threat and consequences” of data breaches. Paying a ransom does not guarantee the safe return of company data, nor does it guarantee that the business will avoid a GDPR fine.

Bradley said:

“It is concerning to learn that so many UK IT leaders misunderstand the threat and consequences of even a minor data breach. Companies that pay a ransom might regain access to their data, but it’s far from guaranteed and a false economy if they do it to avoid a penalty. They still need to report the breach to the authorities and would face a significantly larger fine if they don’t report it promptly.

“It is surprising that large companies appear to be those most likely to pay a ransom. It is a mistake for companies of any size to trust hackers, or to expect that they’ll simply hand the data back.

“Our advice? Don’t pay the ransom, do tell the authorities promptly and make sure you take steps to minimise the chances of falling victim again.”

UK businesses among most misinformed

According to the study, businesses based in the UK are more confident that they adequately comply with GDPR. Some 46% of UK-based IT directors said they are confident that their organisations are compliant.

This is higher than the rest of Europe, where the percentage only topped 40% in the Netherlands. Just 37% of businesses in France believe they are fully compliant, as well as 35% in Ireland and 30% in Belgium.

And yet, the study found that UK firms were perhaps not as prepared to deal with cyber threats post-GDPR as they believe. Just 13% of UK-based directors reported that they had tools in place to prove compliance following a breach, compared to 27% in the Netherlands, 24% in France and 20% in Belgium.
